Wireless communication devices, such as smart phones, have traditionally been configured to utilize Universal Integrated Circuit Cards (UICCs) that provide access to wireless network services. A UICC typically takes the form of a small removable card (e.g., a Subscriber Identity Module (SIM) card) that is inserted into a wireless communication device. In most cases, each UICC is associated with a single “Issuer”—such as a mobile network operator—that controls the programming and distribution of the UICC.
In more recent implementations, non-removable UICCs—referred to herein as embedded UICCs (eUICCs)—are being included on system boards of wireless communication devices. These eUICCs are distinct from the traditional removable UICCs in that the eUICCs are non-removable and soldered to the system boards of wireless communication devices. An eUICC can be programmed with one or more eSIMs, each of which can emulate and replicate the architecture of a typical SIM so as to enable a wireless communication device including the eUICC to access wireless network services.
The use of eUICCs and eSIMs can offer significant advantages over traditional UICCs. For example the use of an eUICC can provide device manufacturers with increased flexibility in device design due to the lack of a requirement to design the device to accommodate the size and form factor of a removable SIM card. As a further example, the ability to remotely provision (e.g., over-the-air) eSIMs can provide convenience for consumers and vendors when configuring a device to access a mobile network operator's network.
Existing approaches for securely preparing and provisioning an eSIM fail to address system scalability issues in situations in which a provisioning server concurrently provisions eSIMs to several eUICCs. In this regard, many existing approaches for provisioning eSIMs, such as that specified by the GlobalPlatform™ Specification, encrypt the eSIM with a key that is specific to a target eUICC. This approach prevents encryption of the eSIM prior to initiation of a provisioning session, as the target eUICC must be identified before the eSIM can be encrypted for provisioning using the key that is specific to the target eUICC. The overhead required to derive the appropriate encryption key and encrypt the eSIM in real-time during a provisioning session can be particularly burdensome when a provisioning server is concurrently provisioning eSIMs to several eUICCs, such as around the time of a new product release.